<?php
namespace App\Models;

use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Redis;

class TencentAPIModel{

    private $sdkappid;
    private $appKey ;
    private $createGroupApi = 'https://console.tim.qq.com/v4/group_open_http_svc/create_group';

    private $destroyGroupApi = 'https://console.tim.qq.com/v4/group_open_http_svc/destroy_group';
    private $modifyGroupApi = 'https://console.tim.qq.com/v4/group_open_http_svc/modify_group_base_info';
    private $changeOwnerApi = 'https://console.tim.qq.com/v4/group_open_http_svc/change_group_owner';
    private $importAccountApi = 'https://console.tim.qq.com/v4/im_open_login_svc/account_import';

    private $forbidSendMsgApi = 'https://console.tim.qq.com/v4/group_open_http_svc/forbid_send_msg';
    private $sendGroupMsgApi = 'https://console.tim.qq.com/v4/group_open_http_svc/send_group_msg';
    private $groupOnlineCountApi = 'https://console.tim.qq.com/v4/group_open_http_svc/get_online_member_num';
    private $forbidUserListApi = "https://console.tim.qq.com/get_group_muted_accountv4/group_open_http_svc/get_group_muted_account";
    private $getGroupOnlineUserCountApi = "https://console.tim.qq.com/v4/group_open_http_svc/get_online_member_num";
    private $getGroupMsgListApi = "https://console.tim.qq.com/v4/group_open_http_svc/group_msg_get_simple";


    private $adminUserId="administrator";


    public $errMsg="";

    public function __construct(){

        $this->sdkappid=env('IM_SDKAPPID');
        $this->appKey =env('IM_APPKEY');

    }
    private function getAdminSig(){
        $sdkappid = $this->sdkappid;
        $key = $this->appKey;
        $userId=$this->adminUserId;
        $cacheKey ="live:tencent:admin:sig";
        $adminCache = Redis::GET($cacheKey);
        if (empty($adminCache)) {
            try {
                if (empty($userId)) {
                    throw new \Exception('用户ID不能为空');
                }
                $api = new TLSSigAPIv2($sdkappid, $key);
                $expire = 1 * 24 * 3600; // 假设有效期 180 天
                $userSig = $api->genUserSig($userId, $expire);
                //Log::error("userSig=".$userSig.PHP_EOL);
                $userSig=Redis::connection("noprefix")->GET("live:tencent:admin:sig");
                $userSig=unserialize($userSig);
                Redis::SETEX($cacheKey,$expire, $userSig);
                return $userSig;
            } catch (\Exception $e) {
                return false;
            }
        }else{
         return $adminCache;
        }
    }
    public function getGroupRoomMsgList(string $groupId,int $ReqMsgSeq=0){
        $random = random_int(0, 4294967295);
        $userSig = $this->getAdminSig();
        $url=$this->getGroupMsgListApi.'?'. http_build_query([
                'sdkappid' => $this->sdkappid,
                'identifier' => $this->adminUserId,
                'usersig' => $userSig,
                'random' => $random,
                'contenttype' => 'json'
            ]);
            Log::debug("tx.request.url={$url}");
            $data=[
                "GroupId"=>$groupId,
                "ReqMsgNumber"=>6
            ];
            if(!empty($ReqMsgSeq)){
                $data['ReqMsgSeq']=$ReqMsgSeq;
            }
            Log::debug("tx.request.json=".json_encode($data));
        try {
            $client = Http::post($url,$data);
            $result=$client->json();
            if ($result['ActionStatus'] == 'OK') {
               Log::debug("tx.request.result=".json_encode($result));
                return $result['RspMsgList']??null;
            } else {
                throw new \Exception($result['ErrorInfo']);
            }
        } catch (\Exception $e) {
            $this->errMsg = $e->getMessage();
            Log::debug($this->errMsg);
            return false;
        }
    }
    public function getGroupOnlineUserCount(string $groupId){
        $random = random_int(0, 4294967295);
        $userSig = $this->getAdminSig();
        $url=$this->getGroupOnlineUserCountApi.'?'. http_build_query([
                'sdkappid' => $this->sdkappid,
                'identifier' => $this->adminUserId,
                'usersig' => $userSig,
                'random' => $random,
                'contenttype' => 'json'
            ]);
            Log::debug("tx.request.url={$url}");
            $data=[
                "GroupId"=>$groupId
            ];
            Log::debug("tx.request.json=".json_encode($data));
        try {
            $client = Http::post($url,$data);
            $result=$client->json();
            if ($result['ActionStatus'] == 'OK') {
               Log::debug("tx.request.result=".json_encode($result));
                return $result['OnlineMemberNum']??null;
            } else {
                throw new \Exception($result['ErrorInfo']);
            }
        } catch (\Exception $e) {
            $this->errMsg = $e->getMessage();
            Log::debug($this->errMsg);
            return false;
        }
    }
    /**
     * 发送群组消息
     * @param string $groupId 群组ID
     * @param string $msgBody 消息内容（文本）
     * @param string $fromAccount 发送者账号（可选，需是已导入用户）
     * @return array
     */
    public function sendGroupMsg(string $groupId, string $msgBody,string $type="TIMCustomElem", string $fromAccount = null)
    {
        $random = random_int(0, 4294967295);
        $userSig = $this->getAdminSig();
        //$userSig= DB::connection('shop')->table("member")->where('member_id',$member_id)->value('userSig');
        $url = $this->sendGroupMsgApi . '?' . http_build_query([
                'sdkappid' => $this->sdkappid,
                'identifier' => $this->adminUserId,
                'usersig' => $userSig,
                'random' => $random,
                'contenttype' => 'json'
            ]);
            Log::debug("tx.request.url={$url}");
        if($type=='TIMCustomElem'){
            // 构建自定义消息内容 - 这是关键修改部分
            $msgContent = [
                'Data' => $msgBody, // 自定义数据，必须是JSON字符串
            ];

            $data = [
                'GroupId' => $groupId,
                'Random' => $random, // 消息随机数，用于去重
                'MsgBody' => [ // 消息体
                    [
                        'MsgType' => 'TIMCustomElem', // 修改为自定义消息类型
                        'MsgContent' => $msgContent
                    ]
                ]
            ];
            Log::debug("tx.request.json=".json_encode($data));
        }else{
            // 构建消息体
            $msgContent = ['Text' => $msgBody];
            // 构建请求数据
            $data = [
                'GroupId' => $groupId,
                'Random' => $random, // 用于去重的随机数:cite[1]:cite[8]
                'MsgBody' => [
                    [
                        'MsgType' => 'TIMTextElem', // 文本元素
                        'MsgContent' => $msgContent
                    ]
                ]
            ];
        }


        // 设置发送者账号
        if (!empty($fromAccount)) {
            $data['From_Account'] = $fromAccount;
        } else {
            $data['From_Account'] = $this->adminUserId; // 默认使用管理员账号
        }
        try {
            $client = Http::post($url,$data);
            $result=$client->json();
            if ($result['ActionStatus'] == 'OK') {
                return true;
            } else {
                throw new \Exception($result['ErrorInfo']);
            }
        } catch (\Exception $e) {
            $this->errMsg = $e->getMessage();
            Log::debug($this->errMsg);
            return false;
        }
    }
}
class TLSSigAPIv2 {

    private $key = false;
    private $sdkappid = 0;

    /**
    *【功能说明】用于签发 TRTC 和 IM 服务中必须要使用的 UserSig 鉴权票据
    *
    *【参数说明】
    * @param string userid - 用户id，限制长度为32字节，只允许包含大小写英文字母（a-zA-Z）、数字（0-9）及下划线和连词符。
    * @param string expire - UserSig 票据的过期时间，单位是秒，比如 86400 代表生成的 UserSig 票据在一天后就无法再使用了。
    * @return string 签名字符串
    * @throws \Exception
    */

    /**
     * Function: Used to issue UserSig that is required by the TRTC and IM services.
     *
     * Parameter description:
     * @param userid - User ID. The value can be up to 32 bytes in length and contain letters (a-z and A-Z), digits (0-9), underscores (_), and hyphens (-).
     * @param expire - UserSig expiration time, in seconds. For example, 86400 indicates that the generated UserSig will expire one day after being generated.
     * @return string signature string
     * @throws \Exception
    */

    public function genUserSig( $userid, $expire = 86400*180 ) {
        return $this->__genSig( $userid, $expire, '', false );
    }

    /**
    *【功能说明】
    * 用于签发 TRTC 进房参数中可选的 PrivateMapKey 权限票据。
    * PrivateMapKey 需要跟 UserSig 一起使用，但 PrivateMapKey 比 UserSig 有更强的权限控制能力：
    *  - UserSig 只能控制某个 UserID 有无使用 TRTC 服务的权限，只要 UserSig 正确，其对应的 UserID 可以进出任意房间。
    *  - PrivateMapKey 则是将 UserID 的权限控制的更加严格，包括能不能进入某个房间，能不能在该房间里上行音视频等等。
    * 如果要开启 PrivateMapKey 严格权限位校验，需要在【实时音视频控制台】=>【应用管理】=>【应用信息】中打开“启动权限密钥”开关。
    *
    *【参数说明】
    * @param userid - 用户id，限制长度为32字节，只允许包含大小写英文字母（a-zA-Z）、数字（0-9）及下划线和连词符。
    * @param expire - PrivateMapKey 票据的过期时间，单位是秒，比如 86400 生成的 PrivateMapKey 票据在一天后就无法再使用了。
    * @param roomid - 房间号，用于指定该 userid 可以进入的房间号
    * @param privilegeMap - 权限位，使用了一个字节中的 8 个比特位，分别代表八个具体的功能权限开关：
    *  - 第 1 位：0000 0001 = 1，创建房间的权限
    *  - 第 2 位：0000 0010 = 2，加入房间的权限
    *  - 第 3 位：0000 0100 = 4，发送语音的权限
    *  - 第 4 位：0000 1000 = 8，接收语音的权限
    *  - 第 5 位：0001 0000 = 16，发送视频的权限
    *  - 第 6 位：0010 0000 = 32，接收视频的权限
    *  - 第 7 位：0100 0000 = 64，发送辅路（也就是屏幕分享）视频的权限
    *  - 第 8 位：1000 0000 = 200，接收辅路（也就是屏幕分享）视频的权限
    *  - privilegeMap == 1111 1111 == 255 代表该 userid 在该 roomid 房间内的所有功能权限。
    *  - privilegeMap == 0010 1010 == 42  代表该 userid 拥有加入房间和接收音视频数据的权限，但不具备其他权限。
    */

    /**
     * Function:
     * Used to issue PrivateMapKey that is optional for room entry.
     * PrivateMapKey must be used together with UserSig but with more powerful permission control capabilities.
     *  - UserSig can only control whether a UserID has permission to use the TRTC service. As long as the UserSig is correct, the user with the corresponding UserID can enter or leave any room.
     *  - PrivateMapKey specifies more stringent permissions for a UserID, including whether the UserID can be used to enter a specific room and perform audio/video upstreaming in the room.
     * To enable stringent PrivateMapKey permission bit verification, you need to enable permission key in TRTC console > Application Management > Application Info.
     *
     * Parameter description:
     * userid - User ID. The value can be up to 32 bytes in length and contain letters (a-z and A-Z), digits (0-9), underscores (_), and hyphens (-).
     * roomid - ID of the room to which the specified UserID can enter.
     * expire - PrivateMapKey expiration time, in seconds. For example, 86400 indicates that the generated PrivateMapKey will expire one day after being generated.
     * privilegeMap - Permission bits. Eight bits in the same byte are used as the permission switches of eight specific features:
     *  - Bit 1: 0000 0001 = 1, permission for room creation
     *  - Bit 2: 0000 0010 = 2, permission for room entry
     *  - Bit 3: 0000 0100 = 4, permission for audio sending
     *  - Bit 4: 0000 1000 = 8, permission for audio receiving
     *  - Bit 5: 0001 0000 = 16, permission for video sending
     *  - Bit 6: 0010 0000 = 32, permission for video receiving
     *  - Bit 7: 0100 0000 = 64, permission for substream video sending (screen sharing)
     *  - Bit 8: 1000 0000 = 200, permission for substream video receiving (screen sharing)
     *  - privilegeMap == 1111 1111 == 255: Indicates that the UserID has all feature permissions of the room specified by roomid.
     *  - privilegeMap == 0010 1010 == 42: Indicates that the UserID has only the permissions to enter the room and receive audio/video data.
     */

    public function genPrivateMapKey( $userid, $expire, $roomid, $privilegeMap ) {
        $userbuf = $this->__genUserBuf( $userid, $roomid, $expire, $privilegeMap, 0, '' );
        return $this->__genSig( $userid, $expire, $userbuf, true );
    }
    /**
    *【功能说明】
    * 用于签发 TRTC 进房参数中可选的 PrivateMapKey 权限票据。
    * PrivateMapKey 需要跟 UserSig 一起使用，但 PrivateMapKey 比 UserSig 有更强的权限控制能力：
    *  - UserSig 只能控制某个 UserID 有无使用 TRTC 服务的权限，只要 UserSig 正确，其对应的 UserID 可以进出任意房间。
    *  - PrivateMapKey 则是将 UserID 的权限控制的更加严格，包括能不能进入某个房间，能不能在该房间里上行音视频等等。
    * 如果要开启 PrivateMapKey 严格权限位校验，需要在【实时音视频控制台】=>【应用管理】=>【应用信息】中打开“启动权限密钥”开关。
    *
    *【参数说明】
    * @param userid - 用户id，限制长度为32字节，只允许包含大小写英文字母（a-zA-Z）、数字（0-9）及下划线和连词符。
    * @param expire - PrivateMapKey 票据的过期时间，单位是秒，比如 86400 生成的 PrivateMapKey 票据在一天后就无法再使用了。
    * @param roomstr - 房间号，用于指定该 userid 可以进入的房间号
    * @param privilegeMap - 权限位，使用了一个字节中的 8 个比特位，分别代表八个具体的功能权限开关：
    *  - 第 1 位：0000 0001 = 1，创建房间的权限
    *  - 第 2 位：0000 0010 = 2，加入房间的权限
    *  - 第 3 位：0000 0100 = 4，发送语音的权限
    *  - 第 4 位：0000 1000 = 8，接收语音的权限
    *  - 第 5 位：0001 0000 = 16，发送视频的权限
    *  - 第 6 位：0010 0000 = 32，接收视频的权限
    *  - 第 7 位：0100 0000 = 64，发送辅路（也就是屏幕分享）视频的权限
    *  - 第 8 位：1000 0000 = 200，接收辅路（也就是屏幕分享）视频的权限
    *  - privilegeMap == 1111 1111 == 255 代表该 userid 在该 roomid 房间内的所有功能权限。
    *  - privilegeMap == 0010 1010 == 42  代表该 userid 拥有加入房间和接收音视频数据的权限，但不具备其他权限。
    */

    /**
     * Function:
     * Used to issue PrivateMapKey that is optional for room entry.
     * PrivateMapKey must be used together with UserSig but with more powerful permission control capabilities.
     *  - UserSig can only control whether a UserID has permission to use the TRTC service. As long as the UserSig is correct, the user with the corresponding UserID can enter or leave any room.
     *  - PrivateMapKey specifies more stringent permissions for a UserID, including whether the UserID can be used to enter a specific room and perform audio/video upstreaming in the room.
     * To enable stringent PrivateMapKey permission bit verification, you need to enable permission key in TRTC console > Application Management > Application Info.
     *
     * Parameter description:
     * @param userid - User ID. The value can be up to 32 bytes in length and contain letters (a-z and A-Z), digits (0-9), underscores (_), and hyphens (-).
     * @param roomstr - ID of the room to which the specified UserID can enter.
     * @param expire - PrivateMapKey expiration time, in seconds. For example, 86400 indicates that the generated PrivateMapKey will expire one day after being generated.
     * @param privilegeMap - Permission bits. Eight bits in the same byte are used as the permission switches of eight specific features:
     *  - Bit 1: 0000 0001 = 1, permission for room creation
     *  - Bit 2: 0000 0010 = 2, permission for room entry
     *  - Bit 3: 0000 0100 = 4, permission for audio sending
     *  - Bit 4: 0000 1000 = 8, permission for audio receiving
     *  - Bit 5: 0001 0000 = 16, permission for video sending
     *  - Bit 6: 0010 0000 = 32, permission for video receiving
     *  - Bit 7: 0100 0000 = 64, permission for substream video sending (screen sharing)
     *  - Bit 8: 1000 0000 = 200, permission for substream video receiving (screen sharing)
     *  - privilegeMap == 1111 1111 == 255: Indicates that the UserID has all feature permissions of the room specified by roomid.
     *  - privilegeMap == 0010 1010 == 42: Indicates that the UserID has only the permissions to enter the room and receive audio/video data.
     */

    public function genPrivateMapKeyWithStringRoomID( $userid, $expire, $roomstr, $privilegeMap ) {
        $userbuf = $this->__genUserBuf( $userid, 0, $expire, $privilegeMap, 0, $roomstr );
        return $this->__genSig( $userid, $expire, $userbuf, true );
    }

    public function __construct( $sdkappid, $key ) {
        $this->sdkappid = $sdkappid;
        $this->key = $key;
    }

    /**
    * 用于 url 的 base64 encode
    * '+' => '*', '/' => '-', '=' => '_'
    * @param string $string 需要编码的数据
    * @return string 编码后的base64串，失败返回false
    * @throws \Exception
    */

    /**
    * base64 encode for url
    * '+' => '*', '/' => '-', '=' => '_'
    * @param string $string data to be encoded
    * @return string The encoded base64 string, returns false on failure
    * @throws \Exception
    */
    private function base64_url_encode( $string ) {
        static $replace = Array( '+' => '*', '/' => '-', '=' => '_' );
        $base64 = base64_encode( $string );
        if ( $base64 === false ) {
            throw new \Exception( 'base64_encode error' );
        }
        return str_replace( array_keys( $replace ), array_values( $replace ), $base64 );
    }

    /**
    * 用于 url 的 base64 decode
    * '+' => '*', '/' => '-', '=' => '_'
    * @param string $base64 需要解码的base64串
    * @return string 解码后的数据，失败返回false
    * @throws \Exception
    */

    /**
    * base64 decode for url
    * '+' => '*', '/' => '-', '=' => '_'
    * @param string $base64 base64 string to be decoded
    * @return string Decoded data, return false on failure
    * @throws \Exception
    */
    private function base64_url_decode( $base64 ) {
        static $replace = Array( '+' => '*', '/' => '-', '=' => '_' );
        $string = str_replace( array_values( $replace ), array_keys( $replace ), $base64 );
        $result = base64_decode( $string );
        if ( $result == false ) {
            throw new \Exception( 'base64_url_decode error' );
        }
        return $result;
    }
    /**
    * TRTC业务进房权限加密串使用用户定义的userbuf
    * @brief 生成 userbuf
    * @param account 用户名
    * @param dwSdkappid sdkappid
    * @param dwAuthID  数字房间号
    * @param dwExpTime 过期时间：该权限加密串的过期时间. 过期时间 = now+dwExpTime
    * @param dwPrivilegeMap 用户权限，255表示所有权限
    * @param dwAccountType 用户类型, 默认为0
    * @param roomStr 字符串房间号
    * @return userbuf string  返回的userbuf
    */

    /**
    * User-defined userbuf is used for the encrypted string of TRTC service entry permission
    * @brief generate userbuf
    * @param account username
    * @param dwSdkappid sdkappid
    * @param dwAuthID  digital room number
    * @param dwExpTime Expiration time: The expiration time of the encrypted string of this permission. Expiration time = now+dwExpTime
    * @param dwPrivilegeMap User permissions, 255 means all permissions
    * @param dwAccountType User type, default is 0
    * @param roomStr String room number
    * @return userbuf string  returned userbuf
    */

    private function __genUserBuf( $account, $dwAuthID, $dwExpTime, $dwPrivilegeMap, $dwAccountType,$roomStr ) {
     
        //cVer  unsigned char/1 版本号，填0
        if($roomStr == '')
            $userbuf = pack( 'C1', '0' );
        else
            $userbuf = pack( 'C1', '1' );
        
        $userbuf .= pack( 'n', strlen( $account ) );
        //wAccountLen   unsigned short /2   第三方自己的帐号长度
        $userbuf .= pack( 'a'.strlen( $account ), $account );
        //buffAccount   wAccountLen 第三方自己的帐号字符
        $userbuf .= pack( 'N', $this->sdkappid );
        //dwSdkAppid    unsigned int/4  sdkappid
        $userbuf .= pack( 'N', $dwAuthID );
        //dwAuthId  unsigned int/4  群组号码/音视频房间号
        $expire = $dwExpTime + time();
        $userbuf .= pack( 'N', $expire );
        //dwExpTime unsigned int/4  过期时间 （当前时间 + 有效期（单位：秒，建议300秒））
        $userbuf .= pack( 'N', $dwPrivilegeMap );
        //dwPrivilegeMap unsigned int/4  权限位
        $userbuf .= pack( 'N', $dwAccountType );
        //dwAccountType  unsigned int/4
        if($roomStr != '')
        {
            $userbuf .= pack( 'n', strlen( $roomStr ) );
            //roomStrLen   unsigned short /2   字符串房间号长度
            $userbuf .= pack( 'a'.strlen( $roomStr ), $roomStr );
            //roomStr   roomStrLen 字符串房间号
        }
        return $userbuf;
    }
    /**
    * 使用 hmac sha256 生成 sig 字段内容，经过 base64 编码
    * @param $identifier 用户名，utf-8 编码
    * @param $curr_time 当前生成 sig 的 unix 时间戳
    * @param $expire 有效期，单位秒
    * @param $base64_userbuf base64 编码后的 userbuf
    * @param $userbuf_enabled 是否开启 userbuf
    * @return string base64 后的 sig
    */

    /**
    * Use hmac sha256 to generate sig field content, base64 encoded
    * @param $identifier Username, utf-8 encoded
    * @param $curr_time The unix timestamp of the current generated sig
    * @param $expire Validity period, in seconds
    * @param $base64_userbuf base64 encoded userbuf
    * @param $userbuf_enabled 是No enable userbuf
    * @return string sig after base64
    */
    private function hmacsha256( $identifier, $curr_time, $expire, $base64_userbuf, $userbuf_enabled ) {
        $content_to_be_signed = 'TLS.identifier:' . $identifier . "\n"
        . 'TLS.sdkappid:' . $this->sdkappid . "\n"
        . 'TLS.time:' . $curr_time . "\n"
        . 'TLS.expire:' . $expire . "\n";
        if ( true == $userbuf_enabled ) {
            $content_to_be_signed .= 'TLS.userbuf:' . $base64_userbuf . "\n";
        }
        return base64_encode( hash_hmac( 'sha256', $content_to_be_signed, $this->key, true ) );
    }

    /**
    * 生成签名。
    *
    * @param $identifier 用户账号
    * @param int $expire 过期时间，单位秒，默认 180 天
    * @param $userbuf base64 编码后的 userbuf
    * @param $userbuf_enabled 是否开启 userbuf
    * @return string 签名字符串
    * @throws \Exception
    */
    
    /**
    * Generate signature.
    *
    * @param $identifier user account
    * @param int $expire Expiration time, in seconds, default 180 days
    * @param $userbuf base64 encoded userbuf
    * @param $userbuf_enabled Whether to enable userbuf
    * @return string signature string
    * @throws \Exception
    */
    private function __genSig( $identifier, $expire, $userbuf, $userbuf_enabled ) {
        $curr_time = time();
        $sig_array = Array(
            'TLS.ver' => '2.0',
            'TLS.identifier' => strval( $identifier ),
            'TLS.sdkappid' => intval( $this->sdkappid ),
            'TLS.expire' => intval( $expire ),
            'TLS.time' => intval( $curr_time )
        );

        $base64_userbuf = '';
        if ( true == $userbuf_enabled ) {
            $base64_userbuf = base64_encode( $userbuf );
            $sig_array['TLS.userbuf'] = strval( $base64_userbuf );
        }

        $sig_array['TLS.sig'] = $this->hmacsha256( $identifier, $curr_time, $expire, $base64_userbuf, $userbuf_enabled );
        if ( $sig_array['TLS.sig'] === false ) {
            throw new \Exception( 'base64_encode error' );
        }
        $json_str_sig = json_encode( $sig_array );
        if ( $json_str_sig === false ) {
            throw new \Exception( 'json_encode error' );
        }
        $compressed = gzcompress( $json_str_sig );
        if ( $compressed === false ) {
            throw new \Exception( 'gzcompress error' );
        }
        return $this->base64_url_encode( $compressed );
    }

    /**
    * 验证签名。
    *
    * @param string $sig 签名内容
    * @param string $identifier 需要验证用户名，utf-8 编码
    * @param int $init_time 返回的生成时间，unix 时间戳
    * @param int $expire_time 返回的有效期，单位秒
    * @param string $userbuf 返回的用户数据
    * @param string $error_msg 失败时的错误信息
    * @return boolean 验证是否成功
    * @throws \Exception
    */

     /**
    * Verify signature.
    *
    * @param string $sig Signature content
    * @param string $identifier Need to authenticate user name, utf-8 encoding
    * @param int $init_time Returned generation time, unix timestamp
    * @param int $expire_time Return the validity period, in seconds
    * @param string $userbuf returned user data
    * @param string $error_msg error message on failure
    * @return boolean Verify success
    * @throws \Exception
    */

    private function __verifySig( $sig, $identifier, &$init_time, &$expire_time, &$userbuf, &$error_msg ) {
        try {
            $error_msg = '';
            $compressed_sig = $this->base64_url_decode( $sig );
            $pre_level = error_reporting( E_ERROR );
            $uncompressed_sig = gzuncompress( $compressed_sig );
            error_reporting( $pre_level );
            if ( $uncompressed_sig === false ) {
                throw new \Exception( 'gzuncompress error' );
            }
            $sig_doc = json_decode( $uncompressed_sig );
            if ( $sig_doc == false ) {
                throw new \Exception( 'json_decode error' );
            }
            $sig_doc = ( array )$sig_doc;
            if ( $sig_doc['TLS.identifier'] !== $identifier ) {
                throw new \Exception( "identifier dosen't match" );
            }
            if ( $sig_doc['TLS.sdkappid'] != $this->sdkappid ) {
                throw new \Exception( "sdkappid dosen't match" );
            }
            $sig = $sig_doc['TLS.sig'];
            if ( $sig == false ) {
                throw new \Exception( 'sig field is missing' );
            }

            $init_time = $sig_doc['TLS.time'];
            $expire_time = $sig_doc['TLS.expire'];

            $curr_time = time();
            if ( $curr_time > $init_time+$expire_time ) {
                throw new \Exception( 'sig expired' );
            }

            $userbuf_enabled = false;
            $base64_userbuf = '';
            if ( isset( $sig_doc['TLS.userbuf'] ) ) {
                $base64_userbuf = $sig_doc['TLS.userbuf'];
                $userbuf = base64_decode( $base64_userbuf );
                $userbuf_enabled = true;
            }
            $sigCalculated = $this->hmacsha256( $identifier, $init_time, $expire_time, $base64_userbuf, $userbuf_enabled );

            if ( $sig != $sigCalculated ) {
                throw new \Exception( 'verify failed' );
            }

            return true;
        } catch ( \Exception $ex ) {
            $error_msg = $ex->getMessage();
            return false;
        }
    }

    /**
    * 带 userbuf 验证签名。
    *
    * @param string $sig 签名内容
    * @param string $identifier 需要验证用户名，utf-8 编码
    * @param int $init_time 返回的生成时间，unix 时间戳
    * @param int $expire_time 返回的有效期，单位秒
    * @param string $error_msg 失败时的错误信息
    * @return boolean 验证是否成功
    * @throws \Exception
    */

    /**
    * Verify signature with userbuf.
    *
    * @param string $sig Signature content
    * @param string $identifier Need to authenticate user name, utf-8 encoding
    * @param int $init_time Returned generation time, unix timestamp
    * @param int $expire_time Return the validity period, in seconds
    * @param string $error_msg error message on failure
    * @return boolean Verify success
    * @throws \Exception
    */
    public function verifySig( $sig, $identifier, &$init_time, &$expire_time, &$error_msg ) {
        $userbuf = '';
        return $this->__verifySig( $sig, $identifier, $init_time, $expire_time, $userbuf, $error_msg );
    }

    /**
    * 验证签名
    * @param string $sig 签名内容
    * @param string $identifier 需要验证用户名，utf-8 编码
    * @param int $init_time 返回的生成时间，unix 时间戳
    * @param int $expire_time 返回的有效期，单位秒
    * @param string $userbuf 返回的用户数据
    * @param string $error_msg 失败时的错误信息
    * @return boolean 验证是否成功
    * @throws \Exception
    */

    /**
    * Verify signature
    * @param string $sig Signature content
    * @param string $identifier Need to authenticate user name, utf-8 encoding
    * @param int $init_time Returned generation time, unix timestamp
    * @param int $expire_time Return the validity period, in seconds
    * @param string $userbuf returned user data
    * @param string $error_msg error message on failure
    * @return boolean Verify success
    * @throws \Exception
    */
    public function verifySigWithUserBuf( $sig, $identifier, &$init_time, &$expire_time, &$userbuf, &$error_msg ) {
        return $this->__verifySig( $sig, $identifier, $init_time, $expire_time, $userbuf, $error_msg );
    }
}
